Video control system.



A video control system includes a central facility (11) and a terminal (10). Video program means provide the terminal with a video program including a series of television fields including a first field containing both a random digital code encrypted according to a code encryption key and program identification data, and a second field containing an unintelligible video signal previously transformed from an intelligible video signal according to the random digital code. The terminal (10) includes means (22) for sending the program identification data to the central facility (11). The central facility includes a data base (19) for storing and retrieving at least one code encryption key corresponding to the program identification data and means (20) for sending the code encryption key from the central facility (11) to the terminal (10). The terminal (10) further includes means (22) for receiving the code encryption key from the central facility, decrypting means (23) for decrypting the encrypted digital code of the first frame in accordance with the code encryption key and means (24) for transforming the unintelligible video signal of the second frame to the intelligible video signal using the decrypted random digital code. The video program means may transmit the program to said terminal (10) or be located at the terminal (10) for playing a video recording medium storing the program.

This invention is concerned with video control systems. It is desirable to provide a video control system which decrypts encrypted broadcasts or recorded copies of video material such that the subsequent viewing is controlled. This allows the owner to either forbid viewing, or collect revenue at his or her discretion.

In the prior art, a software distribution system is known wherein a computer program is downloaded once, followed by an access key to allow use of it on each subsequent use. This system uses a dynamic key that constantly changes, and is directly related to a user's decoder box, both by ID and an internal dynamic counter.

Also known is a video system that autonomously controls the viewing of a recording for either 24 hours or once only. It does not have the power of control desired.

Accordingly the present invention provides a video system comprising: a central facility; a terminal; and video program means for providing to said terminal a video program including a series of television fields including a first field containing both a random digital code encrypted according to a code encryption key and program identification data, and a second field containing an unintelligible video signal previously transformed from an intelligible video signal according to said random digital code; said terminal including means for sending said program identification data to said central facility; said central facility including a data base for storing and retrieving at least one code encryption key corresponding to the program identification data and means for sending said code encryption key from said central facility to said terminal; said terminal further including means for receiving the code encryption key from said central facility, decrypting means for decrypting the encrypted digital code of said first frame in accordance with said code encryption key and means for transforming said unintelligible video signal of said second frame to said intelligible video signal using the decrypted random digital code.

One embodiment of the invention will now be described, by way of example, with reference to the accompanying drawings in which:

Figure 1 is a block diagram of a video system embodying the invention; and

Figure 2 shows an encryption arrangement according to the invention.

Reference is made to Figure 1 which is a block diagram of a video system 10 embodying the invention. The video system comprises a central facility 11, a terminal 12, and a duplex communication link 13 between central facility 11 and terminal 12. An overview of the system is first given.

Terminal 12 is provided with a video program including a series of television fields including a first field containing both a random digital code encrypted according to a code encryption key and program identification data, and a second field containing an unintelligible video signal previously transformed from an intelligible video signal according to the random digital code.

The video program may be transmitted by broadcast, cable, satellite, fiber, or any other transmission medium 14. Alternatively the video program may be stored on a video recording medium 15 such as magnetic tape or video disk and played by player 16. The unintelligible video signal may be either analog or digital.

A second field has a vertical blanking interval containing both a random digital code encrypted according to a code encryption key and program identification data, and is followed by a third field containing an unintelligible video signal previously transformed from an intelligible video signal according to the random digital code of the second field.

Terminal 12 includes means 17 to store terminal identification data and means to send to the central facility 11 the terminal identification data and the program identification data over link 13.

Central facility 11 includes a data base 19 for storing and retrieving at least one code encryption key corresponding to the program identification data, means 20 for sending the code encryption key from the central facility 11 to the terminal 12, and means 21 for generating billing data based on both terminal identification data and program identification data.

Terminal 12 further includes means 22 for receiving the code encryption key from central facility 11, decrypting means 23 for decrypting the encrypted random digital code of the first frame in accordance with the code encryption key, and means 24 for transforming the unintelligible video signal of the second frame to the intelligible video signal using the decrypted random digital code.

Each terminal 12 may have a terminal specific encryption key and means 18 to send to the central facility the program identification data and the terminal identification data encrypted according to the terminal specific encryption key. The central facility 11 has means for storing a duplicate of the terminal specific encryption key, means for encrypting the code encryption key according to the terminal specific encryption key; and means for sending the encrypted code encryption key from central facility 11 to terminal 12.

Terminal 12 further includes means 22 for receiving the encrypted code encryption key from central facility 11, decryption means 23 for decrypting the code encryption key according to the terminal specific encryption key, and decrypting the encrypted random digital code of the first frame in accordance with the code encryption key, and means 24 for transforming the unintelligible video signal of the second frame to the intelligible video signal using the decrypted random digital code.

Terminal 12 includes means to encrypt the terminal identification data according to the terminal specific encryption key, means to send unencrypted terminal identification data and encrypted terminal identification data to the central facility, which in turn includes means to compare unencrypted and encrypted terminal identification data to verify terminal identity.

A plurality of code encryption keys may be used for one program wherein a desired code encryption key is selected from the plurality of code encryption keys in accordance with code encryption key identification data corresponding to the random digital code.

Various features of the system are now discussed in more detail.

System 10 controls the viewing of video programs, by which is meant any video material, either transmitted or recorded, in television format consisting of a series of fields of lines. Two interlaced fields make up a television frame.

Video programs are rendered unintelligible, e.g. scrambled, by any analog or digital method, and are made intelligible, e.g. descrambled, using random digital codes located in fields. The random digital keys are themselves encrypted, and decrypted by one or more keys obtained from a database located at the central facility, along with user-specific information at the time of viewing. The system does not stop copying. It controls viewing, while protecting revenues. As such, it can encourage copying, which could ease the distribution issue by controlling the playback such that revenue can be collected each time.

Preferably duplex communication link 13 is a continuous data channel between a terminal and a central facility such as an ISDN D-channel or by modem over a regular phone line.

The video program is encrypted, and needs a decrypter in the terminal for viewing. The decrypter uses data embedded in the video program along with a data access to correctly perform the decryption, so the process is completely controlled. The embedded data and key transfer from the remote database may be protected with public domain encryption techniques, providing high level security before first viewing.

The video program may be recorded as is, but it is still unviewable. To view it, the decrypter is used, along with the encrypted embedded data and an access to a secure database, to perform the decryption. Recordings may be freely copied, but remain unviewable unless used with the decrypter.

To view the programs requires access to the database using encrypted data transfer. This process yields the control of the video program, whether recording or transmission. The decrypter requires one or more keys that arrive from the database. To get the key, information from the video program as well as terminal identification is sent to the database.



A direct Electronic Funds Transfer (EFT) debit can be performed using the information. If the program is a video store copy, the EFT could include the store fee and the copyright fee. Note that the video distribution to video stores becomes trivial, as they are encouraged to take a direct recording with a video store key, along with their authorized converter box, and make as many copies as they like. The revenue control takes place at viewing time. This encourages a shareware type of distribution.

A passkey can be sent to the database, to allow viewing of questionable taste films by adults, controlling access by minors.

On the first access, the database will capture a signature derived from the user's equipment and the recording, and store it for subsequent tracking. As there is a compelled database access in this process, data on usage may be collected. This same process may be used for revenue collection.

The system preferably uses at least one downloadable key, an encrypted video program that uses the key for decryption, and data stored in a field of the video program. It may be implemented in an all digital, analog, or mixed analog/digital environment.

The video programs are encrypted, with data relating to the programs, e.g. where and when, who transmitted it. The data may also contain part of the decryption key. This information would be extracted from the signal, and used to access a database, maintained by the program's owners, to obtain an encrypted key for the decrypter. After a subscriber and/or a credit check is successfully completed, the one or more keys would be transmitted. At this time the owner has obtained usage data, with a specific user's ID, and has the option of billing him. If it is a free program, at least the viewer data is available.

If a user records a transmission or another recording, he captures the encrypted signal, along with embedded data, as described above. This accomplishes the signature part of the process. A recording created by this method may be on a regular VCR, but is encrypted and individually marked. Copying a recording does not affect the system, as the rerecording is only usable with the correct keys. Potentially, the first few minutes of a program might be viewable without the need of a key, to allow the viewer to see what the contents of the program are, as well as to allow time for the database access and key synchronization process.

To play a recording back, it is necessary to re-obtain the one or more keys. The combination of data stored in a field is used to access the database. Before the keys are made available, there is a check that the terminal identification and the embedded data match.

In the case wherein a recording is rented from a video store, a code may identify the store. The database recognizes the recording as a rental copy, and charges either the user or the video store a fee. If the recording is viewed a second time, the charge is repeated. In the event a copy is made, when it is played, the database will identify the originating video store, but not the actual copier. However, if validation is performed at rental time, there would be some measure of control. If the entire charging process were to be reversed, such that the viewer carries all the liability for charges, then copying is encouraged, as per shareware, and the distribution problem is minimized, while revenues are maintained on a usage basis.

The program's owner has the responsibility to get a secured copy to whoever deals with the distribution of the programs. The programs are encrypted, and require a database update to enable viewers to make use of the program. The viewer has a terminal including a decrypter, linked to the central facility's database via an automatic dial-up, that, when enabled, decrypts the video program. As appropriate, there can be credit checks and billing from the database, as well as statistics collection.

The encryption has two levels, one for protection of video decryption codes on the program, and one for protection of messages between the terminal and the central facility. Both may use the NBS Data Encryption Standard (DES).

DES encryption and decryption may be implemented with a commercial Motorola 6859 Data Security Device or similar product at the terminal and at the central facility.

The decryption code itself is protected by being DES-encrypted. The decryption key is not on the video program but is retained in the database at the central facility. A program identification number and a decryption key number allow the central facility to recover the decryption key itself and send it to the terminal for decrypting the decryption codes.

A different DES decryption key is not required for every field. One key can span several fields. DES key requests and acknowledgements from the terminal may also act as keep-alive messages to the central facility.

DES decryption keys are transmitted from the central facility to the terminal protected by a higher-level DES "session" key. Terminal requests for new keys as the tape progresses are also protected by the DES session key. This key is generated by the central facility at the beginning of the session and remains valid for the duration of the session. The terminal begins the session using a terminal-unique DES key stored in a ROM.

Frame contents are transferred from the Analog Subsystem to the DCSS and the decrypted decryption code from the DCSS to the Analog Subsystem over the analog interface shown in the Figure. Transfer of data between the subsystems may be coordinated by means of the vertical and horizontal blanking signals and their derivative interrupts.

All messages between terminal and central facility use Cyclic Redundancy Code (CRC) checking to verify message integrity. The CRC-CCITT generating polynomial generates two block check characters (BCC) for each message. If the terminal receives a message that is not verified by the BCC, it sends a request (ARQ) to the central facility to retransmit the last message. The central facility does not attempt to ARQ garbled messages. It discards them and waits for a terminal to send again.

Message exchange in the VCS is by a positive acknowledgement scheme in which a response of some kind is expected for every message sent. For example, a terminal expects a DES decryption key message after it sends a request for the same; the central facility expects a key receipt acknowledge after it sends the key message.

When a user begins to play a protected program, the terminal initiates a session by sending a "session start" message (STS) to the central facility containing user and program identifications. The message contains message type, user number and CRC code in the clear, but the balance of the message is DES-encrypted with the initial DES session key stored in the terminal ROM. (The user identification is also stored in ROM.) The central facility uses the unencrypted data to access its database and find the user DES value for decrypting the remainder of the message.

The central facility authenticates the message by comparing clear and decrypted user numbers. If the user numbers are identical, the central facility then confirms that the program serial number is valid. The central facility may also check user credit. If all is well, the central facility accepts the session and generates a new (and random) DES key that is unique for that session. It encrypts this using the initial user value in the database and sends it to the terminal, which decrypts the message and stores the new value in its database (MCU RAM) as the session key for the remainder of the session.

The central facility then uses the tape and decryption key number in the STS message to recover a set of DES decryption keys for the program from the database. These are encrypted with the session key and sent to the terminal at the start of a session or during the course of a session.

The terminal generates session start, key acknowledgement, and ARQ messages. The central facility responds in kind. Both the central facility and the terminal generate and verify block check characters.
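
The session-start exchange described above, as an added example that is not code from the patent: the terminal's STS message, the central facility's comparison of clear and decrypted user numbers, and the session key wrapping the code encryption key, with CRC-CCITT block check characters on every message. Field widths, message-type values, the 0xFFFF CRC preset and all sample keys are assumptions, and a SHA-256 XOR keystream stands in for DES, which Python's standard library lacks.

```python
import hashlib
import os
import struct

STS, SESSION_KEY, CODE_KEY = 1, 2, 3  # message type bytes (assumed values)

def bcc(data: bytes) -> bytes:
    """Two block check characters from the CCITT polynomial x^16 + x^12 + x^5 + 1."""
    crc = 0xFFFF  # assumed preset; the page names only the polynomial
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc = ((crc << 1) ^ 0x1021 if crc & 0x8000 else crc << 1) & 0xFFFF
    return struct.pack(">H", crc)

def cipher(key: bytes, msg_type: int, data: bytes) -> bytes:
    """Stand-in for DES (not DES, not secure): XOR keystream; encrypts and decrypts."""
    blocks = range(len(data) // 32 + 1)
    stream = b"".join(hashlib.sha256(key + bytes([msg_type, i])).digest() for i in blocks)
    return bytes(a ^ b for a, b in zip(data, stream))

def frame(msg_type: int, user: int, secret: bytes, key: bytes) -> bytes:
    """Type and user number in the clear, the balance encrypted, BCC appended."""
    body = struct.pack(">BI", msg_type, user) + cipher(key, msg_type, secret)
    return body + bcc(body)

def unframe(msg: bytes):
    """Return (type, user, ciphertext), or None when the BCC does not verify."""
    if len(msg) < 7 or bcc(msg[:-2]) != msg[-2:]:
        return None
    msg_type, user = struct.unpack(">BI", msg[:5])
    return msg_type, user, msg[5:-2]

class CentralFacility:
    def __init__(self, user_keys, program_keys):
        self.user_keys = user_keys        # user number -> terminal-unique key
        self.program_keys = program_keys  # (program serial, key number) -> code key

    def handle_sts(self, msg: bytes):
        parsed = unframe(msg)
        if parsed is None or parsed[0] != STS:
            return None  # garbled: discard and wait for the terminal to send again
        _, user, ciphertext = parsed
        key = self.user_keys.get(user)
        if key is None or len(ciphertext) != 10:
            return None
        inner_user, serial, key_no = struct.unpack(">IIH", cipher(key, STS, ciphertext))
        if inner_user != user or (serial, key_no) not in self.program_keys:
            return None  # clear and decrypted user numbers differ, or unknown program
        session = os.urandom(8)  # new random key, valid for this session only
        return [frame(SESSION_KEY, user, session, key),
                frame(CODE_KEY, user, self.program_keys[(serial, key_no)], session)]

def session_start(user: int, rom_key: bytes, serial: int, key_no: int) -> bytes:
    """Terminal side: build the STS message under the key held in ROM."""
    return frame(STS, user, struct.pack(">IIH", user, serial, key_no), rom_key)

def open_replies(rom_key: bytes, replies):
    """Terminal side: unwrap the session key, then the code encryption key."""
    parsed = [unframe(m) for m in replies]
    if any(p is None for p in parsed):
        return None  # BCC failed: the terminal would send an ARQ here
    session = cipher(rom_key, SESSION_KEY, parsed[0][2])
    return cipher(session, CODE_KEY, parsed[1][2])

ROM_KEY, CODE_KEY_VALUE = bytes(range(8)), b"CODEKEY1"  # constructed sample values
CENTRAL = CentralFacility({1001: ROM_KEY}, {(42, 1): CODE_KEY_VALUE})

def demo():
    sts = session_start(1001, ROM_KEY, 42, 1)
    ok = open_replies(ROM_KEY, CENTRAL.handle_sts(sts))
    garbled = CENTRAL.handle_sts(sts[:6] + bytes([sts[6] ^ 1]) + sts[7:])
    wrong_key = CENTRAL.handle_sts(session_start(1001, b"\xff" * 8, 42, 1))
    return ok, garbled, wrong_key
```

The BCC detects transmission errors only, since anyone can recompute it; in this exchange authentication rests on the comparison of clear and decrypted user numbers under the terminal key.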

The preferred embodiment and best mode of practicing the invention have been described. Alternatives now will be apparent to those skilled in the art in light of these teachings. Accordingly the invention is to be defined by the following claims and not by the particular examples given.

1. A video system comprising:

a central facility;

a terminal; and

video program means for providing to said terminal a video program including a series of television fields including a first field containing both a random digital code encrypted according to a code encryption key and program identification data, and a second field containing an unintelligible video signal previously transformed from an intelligible video signal according to said random digital code;

said terminal including means for sending said program identification data to said central facility;

said central facility including a data base for storing and retrieving at least one code encryption key corresponding to the program identification data and means for sending said code encryption key from said central facility to said terminal;

said terminal further including means for receiving the code encryption key from said central facility, decrypting means for decrypting the encrypted digital code of said first frame in accordance with said code encryption key and means for transforming said unintelligible video signal of said second frame to said intelligible video signal using the decrypted random digital code.

2. The system of claim 1 wherein a plurality of code encryption keys are used for one program, and wherein a desired code encryption key is selected from said plurality of code encryption keys in accordance with code encryption key identification data corresponding to the random digital code encrypted with said desired code encryption key.

3. The system of claim 1 or 2 wherein said video program means is means for transmitting said program to said terminal.

4. The system of claim 3 wherein said means for transmitting is a CATV system.

5. The system of any one of claims 1-4 wherein:

said terminal further includes means to store terminal identification data and a terminal specific encryption key, and means to send to said central facility said terminal identification data with said program identification data;

said central facility further includes means for storing a duplicate of said terminal specific encryption key; means for encrypting said code encryption key according to said terminal specific encryption key; and means for sending the encrypted code encryption key from said central facility to said terminal; and

said terminal further includes means for receiving the encrypted code encryption key from said central facility; and decryption means for decrypting said code encryption key according to said terminal specific encryption key.

6. The video system of any one of claims 1-4 wherein:

said terminal further includes means to store terminal identification data and a terminal specific encryption key; and means to send to said central facility said program identification data and said terminal identification data;

said central facility further includes means for providing a session encryption key; means for encrypting said session encryption key according to said terminal specific encryption key; means for sending the encrypted session encryption key from said central facility to said terminal;

means for encrypting said code encryption key according to said encrypted session encryption key; and means for sending the encrypted code encryption key from said central facility to said terminal; and

said terminal further includes means for receiving the encrypted session encryption key from said central facility; decryption means for decrypting said session encryption key according to said terminal specific encryption key; means for receiving the encrypted code encryption key from said central facility; and decryption means for decrypting said code encryption key according to said session encryption key.

7. The system of claim 5 or 6 wherein said terminal includes means to encrypt said terminal identification data according to said terminal specific encryption key, and means to send unencrypted terminal identification data and encrypted terminal identification data to said central facility, and said central facility includes means to compare unencrypted and encrypted terminal identification data to authenticate terminal identity.

8. The system of any one of claims 5-7 wherein said central facility further includes means for generating billing data based on said terminal identification data and said program identification data.

9. The video system of any one of claims 1-8 wherein said video program means is a means located at said terminal for playing a video recording medium storing said program.

10. A video recording medium storing a video program including a series of television fields including a first field containing both a random digital code encrypted according to a code encryption key and program identification data, and a second field containing an unintelligible video signal previously transformed from an intelligible video signal according to said random digital code.

11. The medium of claim 10 wherein a plurality of code encryption keys are used for one program, and wherein a desired code encryption key is selected from said plurality of code encryption keys in accordance with code encryption key identification data corresponding to the random digital code encrypted with said desired code encryption key.

12. The medium of claim 10 or 11 wherein said second field has a vertical blanking interval containing both a random digital code encrypted according to a code encryption key and program identification data, and is followed by a third field containing an unintelligible video signal previously transformed from an intelligible video signal according to said random digital code of the second field.